LDAP

This guide provides step-by-step instructions to configure LDAP authentication in JMS Bridge using ActiveMQ Artemis 2.28.0.

Note

The following configurations apply to both the Master and Slave server containers.

VM

1. Create or update the file at JMS_BRIDGE_ROOT/etc/jms-bridge/login.config with the following content:

LdapDomain {
    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://localhost:389"
        connectionUsername="uid=admin,ou=system"
        connectionPassword="admin"
        connectionProtocol="simple"
        authentication="simple"
        userBase="ou=users,dc=example,dc=com"
        userSearchMatching="(uid={0})"
        roleBase="ou=groups,dc=example,dc=com"
        roleSearchMatching="(uniqueMember={0})"
        roleNameAttributeID="cn";
};

2. Ensure your LDAP server contains:

• Users under ou=users,dc=example,dc=com
• Groups under ou=groups,dc=example,dc=com
• Group entries with uniqueMember attributes pointing to user DNs

3. Edit JMS_BRIDGE_ROOT/etc/jms-bridge/broker.xml and enable security:

<security-enabled>true</security-enabled>

<security-settings>
    <security-setting match="#">
        <permission type="send" roles="admins,users"/>
        <permission type="consume" roles="admins,users"/>
        <permission type="createAddress" roles="admins"/>
        <permission type="deleteAddress" roles="admins"/>
        <permission type="createDurableQueue" roles="admins"/>
        <permission type="deleteDurableQueue" roles="admins"/>
        <permission type="createNonDurableQueue" roles="admins"/>
        <permission type="deleteNonDurableQueue" roles="admins"/>
        <permission type="manage" roles="admins"/>
    </security-setting>
</security-settings>

4. Open JMS_BRIDGE_ROOT/etc/jms-bridge/jms-bridge.conf and configure the security domain:

Note

The domain name must match the one used in login.config.

security {
    domain = "LdapDomain"
}

5. Restart the JMS Bridge servers.

Docker

1. Copy the login.config file into the container:

docker cp /path/to/login.config <jms-bridge-container-id>:/etc/jms-bridge

2. Verify the contents of /etc/jms-bridge/login.config:

LdapDomain {
    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://localhost:389"
        connectionUsername="uid=admin,ou=system"
        connectionPassword="admin"
        connectionProtocol="simple"
        authentication="simple"
        userBase="ou=users,dc=example,dc=com"
        userSearchMatching="(uid={0})"
        roleBase="ou=groups,dc=example,dc=com"
        roleSearchMatching="(uniqueMember={0})"
        roleNameAttributeID="cn";
};

3. Modify the /etc/jms-bridge/broker.xml file and apply the security configuration:

<security-enabled>true</security-enabled>

<security-settings>
    <security-setting match="#">
        <permission type="send" roles="admins,users"/>
        <permission type="consume" roles="admins,users"/>
        <permission type="createAddress" roles="admins"/>
        <permission type="deleteAddress" roles="admins"/>
        <permission type="createDurableQueue" roles="admins"/>
        <permission type="deleteDurableQueue" roles="admins"/>
        <permission type="createNonDurableQueue" roles="admins"/>
        <permission type="deleteNonDurableQueue" roles="admins"/>
        <permission type="manage" roles="admins"/>
    </security-setting>
</security-settings>

4. Edit /etc/jms-bridge/jms-bridge.properties and add:

Note

The domain name must match the one used in login.config.

bridge.security.domain=LdapDomain

5. Restart the JMS Bridge container:

docker restart <jms-bridge-container-id>